public static Dictionary <int, object> TemporaryPublicReadAccessUserObjects = new Dictionary <int, object>(); // dict of objects with temp read access /// <summary> /// Return true if the user object is shared with anyone other than the owner /// </summary> /// <param name="userName"></param> /// <param name="uo"></param> /// <returns></returns> public static bool IsShared( UserObject uo) { if (uo.AccessLevel == UserObjectAccess.Public) { return(true); } else if (uo.AccessLevel == UserObjectAccess.Private) { return(false); } else if (uo.AccessLevel == UserObjectAccess.ACL) { AccessControlList acl = AccessControlList.Deserialize(uo.ACL); if (acl.ReaderCount >= 2) { return(true); // say shared if two or more readers } else { return(false); } } else { return(false); // unexpected AccessLevel } }
/// <summary> /// See if the supplied user name can write the user object the supplied object /// </summary> /// <param name="userName"></param> /// <param name="uo"></param> /// <returns></returns> public static bool UserHasWriteAccess( string userName, UserObject uo) { if (uo == null) { return(false); } else if (Lex.Eq(uo.Owner, userName)) { return(true); } else if (uo.AccessLevel == UserObjectAccess.Public) { return(false); } else if (uo.AccessLevel == UserObjectAccess.ACL) { AccessControlList acl = AccessControlList.Deserialize(uo.ACL); return(acl.UserHasWriteAccess(userName)); } else { return(false); // unexpected AccessLevel } }
/// <summary> /// Get permissions for specified user object /// </summary> /// <param name="userName"></param> /// <param name="id"></param> /// <returns></returns> public static PermissionEnum GetUserObjectPermissions( string userName, int id) { PermissionEnum permissions = PermissionEnum.None; UserObject uo = InterfaceRefs.IUserObjectDao.ReadHeader(id); AccessControlList acl = AccessControlList.Deserialize(uo); permissions = acl.GetUserPermissions(userName); return(permissions); }
/// <summary> /// See if the supplied user name can read the user object the supplied object /// </summary> /// <param name="userName"></param> /// <param name="uo"></param> /// <returns></returns> public static bool UserHasReadAccess( string userName, UserObject uo) { if (uo == null) { return(false); } else if (Lex.Eq(uo.Owner, userName) || // do we own it Lex.Eq(uo.Owner, "Mobius") || // allow anyone to read these Lex.Eq(uo.Owner, "AlertMonitor")) // or these { return(true); } else if (uo.AccessLevel == UserObjectAccess.None) { return(true); // allow all to read if no security } else if (uo.AccessLevel == UserObjectAccess.Public) { return(true); } else if (TemporaryPublicReadAccessUserObjects.ContainsKey(uo.Id)) { return(true); // temp read turned on for this object } else if (AllowTemporaryPublicReadAccessToAllUserObjects) // temp read all turned on { Permissions.TemporaryPublicReadAccessUserObjects[uo.Id] = null; // mark to allow temp read later also return(true); } else if (uo.AccessLevel == UserObjectAccess.ACL) // check the acl { AccessControlList acl = AccessControlList.Deserialize(uo.ACL); if (acl.UserHasReadAccess(userName)) { return(true); } else { return(false); } } else { return(false); // unexpected AccessLevel } }
/// <summary> /// Update permissions to reflect a change in ownership /// </summary> /// <param name="uo"></param> /// <param name="userName"></param> public static void UpdateAclForNewOwner( UserObject uo, string oldOwner, string newOwner) { if (uo.AccessLevel != UserObjectAccess.ACL) { return; // only need to do for ACL } AccessControlList acl = AccessControlList.Deserialize(uo.ACL); acl.RemoveUserItem(oldOwner); acl.AddReadWriteUserItem(newOwner); uo.ACL = acl.Serialize(); }
/// <summary> /// Get the list of permissions the user has for the specified object /// </summary> /// <param name="userName"></param> /// <param name="internalObjectName"></param> /// <returns></returns> public static PermissionEnum GetUserPermissions( string userName, string internalObjectName) { PermissionEnum permissions = PermissionEnum.None; if (UserObject.IsUserObjectInternalName(internalObjectName)) // UserObject { UserObjectType type; int id; string key = userName.ToUpper() + "_" + internalObjectName.ToUpper(); if (PermissionsCache.ContainsKey(key)) { return(PermissionsCache[key]); } UserObject.ParseObjectTypeAndIdFromInternalName(internalObjectName, out type, out id); if (id <= 0) { if (ClientState.IsAdministrator()) { return(PermissionEnum.Read); } else { return(PermissionEnum.None); } } UserObject uo = InterfaceRefs.IUserObjectDao.ReadHeader(id); AccessControlList acl = AccessControlList.Deserialize(uo); permissions = acl.GetUserPermissions(userName); PermissionsCache[key] = permissions; // update cache } else // assume database table name with full access { permissions = PermissionEnum.Read | PermissionEnum.Write; } return(permissions); }